From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 107f24,582dff0b3f065a52 X-Google-Attributes: gid107f24,public X-Google-Thread: 109fba,582dff0b3f065a52 X-Google-Attributes: gid109fba,public X-Google-Thread: 1014db,582dff0b3f065a52 X-Google-Attributes: gid1014db,public X-Google-Thread: 103376,bc1361a952ec75ca X-Google-Attributes: gid103376,public X-Google-ArrivalTime: 2001-08-03 10:21:01 PST Path: archiver1.google.com!newsfeed.google.com!newsfeed.stanford.edu!news.tele.dk!194.213.69.151!news.algonet.se!newsfeed1.telenordia.se!algonet!uab.ericsson.se!erix.ericsson.se!mike From: mike@erix.ericsson.se (Mike Williams) Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++,comp.lang.functional Subject: Re: How Ada could have prevented the Red Code distributed denial of service attack. Date: 3 Aug 2001 17:21:00 GMT Organization: Ericsson Utvecklings AB, Stockholm, Sweden Sender: mike@super (Mike Williams) Message-ID: <9kemhs$17g$2@news.du.uab.ericsson.se> References: <9kc355$ri0$1@nh.pace.co.uk> <9kcdli$24o$1@nh.pace.co.uk> <5267be60.0108030900.26d4a4e7@posting.google.com> NNTP-Posting-Host: super.du.uab.ericsson.se NNTP-Posting-User: mike X-Newsreader: xrn 9.01 Xref: archiver1.google.com comp.lang.ada:11237 comp.lang.c:71937 comp.lang.c++:79726 comp.lang.functional:7265 Date: 2001-08-03T17:21:00+00:00 List-Id: In article <5267be60.0108030900.26d4a4e7@posting.google.com>, mjsilva@jps.net (Mike Silva) writes: |> I've read a lot of speculation that the "Operand Error" in the report |> was actually a CPU/FPU exception, but this is the most definitive |> statement I've seen. In this case it seems reasonable to imagine that |> the same results would have occurred regardless of the programming |> language used. Perhaps not. In a programming language which supports multiple task/threads/processes/whatever, it is possible to have a run time system where failure in one task does not cause failure of the whole system. In languages with unsafe pointers and without bounds checking, of course one task can still sabotage another task. You can use an MMU to prevent this, but we would then be talking of _very_ heavy weight tasking (maybe what's sometimes called an OS :-). In Erlang, the whole philosophy of error recovery is that erroneous tasks (processes) *should* fail. A "link" mechanism allows tasks to monitor each other, so that a "healthy" task can do "damage control" if another task should fail. This mechanism of course also works accross machine boundaries. Mind you, I guess that in Ariane-5, the damage was probably already irrecoverable......... /m PS. This is getting somewhat off-track for these newsgroups.